Cynet has officially received recognition from the CVE Program as a CVE Numbering Authority (CNA). This achievement represents an important step in Cynet’s broader role in vulnerability disclosure. It also comes at a time when the disclosure process is facing growing pressure to adapt.
AI is speeding up both the discovery and exploitation of vulnerabilities. This creates challenges for traditional patch management cycles. It also makes it harder to distinguish meaningful risk signals from less relevant findings. This year’s Verizon Data Breach Investigations Report (DBIR) found that organizations had 50% more critical vulnerabilities to patch compared with the previous year. The median time required for full resolution also increased from 32 days to 43 days.
As a CNA, Cynet is responsible for assigning and publishing vulnerabilities related to its products and services. This enables faster and more accurate disclosure directly from the original source. When Cynet publishes a CVE Record, the company manages the quality of the data included in it. CVSS scores, CWE classifications, affected versions, and mitigation guidance can be added directly to the record. This process is supported by Cynet’s years of experience in vulnerability and exposure management. As exploitation windows continue to shrink, security teams can use this information to make faster and better-informed prioritization decisions.
In addition, Cynet’s CyOps team of 24×7 MDR security experts is available to answer questions from partners and customers. The team also regularly shares observations with the wider industry on common and emerging attack paths. CyOps research on the Cynet blog provides more context on the team’s 95% satisfaction score.
According to Shivtej Tata, Director of Information Security at Cynet, becoming an authorized CNA is especially important now because AI is changing both vulnerability disclosure and exploitation. He also noted that Cynet values its collaboration with the CVE Program and its responsibility for its part of the vulnerability disclosure ecosystem at a time when speed and data quality are critical.
About the CVE Program
The CVE Program is an international, community-driven initiative. It enables organizations, researchers, and security tools to identify and track vulnerabilities consistently through standardized CVE Records published on the CVE List.
As part of this achievement, Cynet has updated its Responsible Disclosure Policy to reflect the company’s new role. The updated policy includes clear guidance on how and when CVE IDs are assigned, what the disclosure timeline involves, and what both reporters and customers can expect throughout the process.
About Cynet Security
Cynet Security is an international cybersecurity company headquartered in Boston, Massachusetts, USA. Its activities are focused on protecting corporate IT environments. The company promotes an approach to cyber defense that involves simpler solution deployment, centralized security management, and access to comprehensive protection for organizations of different sizes.
